> Michael says he was lucky that he lost the password years ago because, otherwise, he would have sold off the bitcoin when it was worth $40,000 a coin and missed out on a greater fortune.
Yes, but stocks are usually tied to a business producing some sort of service that people want, and therefore have value. Crypto is tied to, *checks notes*, nothing.
I’m no shill for crypto, but you can’t with a straight face claim that all non-crypto financial instruments are ‘tied to … some sort of service that people want’.
There’s a whole world of shady crap going on in the ‘legitimate’ financial space.
Dollars are also tied to nothing. A towel with the logo of a sports team also has zero intrinsic value. Same with a shiny lump of useless metal.
That's because being tied to something, or having intrinsic value is not how things gain value.
Things, crypto, dollars, gold, and towels, have value because people WANT them. That's it.
You even touched on it: "some sort of service that people want, and therefore have value" - crypto provides a service people want, therefore by your own words it has value.
Article 12 – dealing directly with the acquisition and disposition of interests (including security interests) in “controllable electronic records,” which would include Bitcoin, Ether, and a variety of other digital assets ... Control under Article 12 is designed to be a technology-neutral functional equivalent of “possession.” It generally encompasses circumstances when a party has the “private key”
Stocks aren't tied to company performance unless they have dividends. Which would mean most stocks are also tied to nothing. Except stocks have recognizable logos I guess.
Crypto is excellent for keeping money and transfers. Especially if you don’t live in the EU or US. Big coins are getting very stable and are good long term investments depending on how you see it will go :)
Bank system is terribly inefficient comparatively and it is a huge market.
Yikes. Terrible video that showcases what's wrong with modern youtube and anti-informative entertainment videos. It could have been a three paragraph blog.
I had to stop watching because of all the cringy tweenertainment funny faces and jerky body movements and hands waving all over the place.
Highly recommended, didn't think I'd watch the whole thing but the production quality was great and it explains everything much better than the wired article.
After your reco after the GP's reco, I would have to agree. This is well done. However, coming from a coding/dev background, it was easy to follow and it all makes sense.
However, it goes to show why hacking will never be made interesting in movies without a bunch of fake nonsense like hacking the Gibson's 3D virtual environment.
Nearly every crypto wallet I've created, I've initiated a transfer the same day. With the public ledger I can look up the first transaction for one of my wallet addresses and know with near certainty when that wallet was created. I wouldn't be surprised if this was the case for most people.
Who is he in that sentence? Do you mean the owner of the wallet who is absolutely very lucky, or the hackers that did a lot of investigating and reverse engineering to learn that the datetime was the seed? Was that luck or l337skillz?
It was both, like it usually is. All that investigating and reverse engineering would have been for nought if the program didn't have the problems in the first place. Hard work is often how you capitalize on luck. Sometimes the work is enough by itself, and sometimes it's not and the luck is integral.
Seems like they all were lucky that he luckily used a vulnerable password manager and knew the approximate parameters and time it was created. If he didn't get lucky, they might not have been paid.
That is super lucky. They didn’t break the crypto, they broke the PRNG. Amateur wallet design. Any security programmer with a passing knowledge of NIST entropy requirements 800-90 a/b/c would have never done this.
Almost all cryptosystems are broken by implementation issues, not attacks on the algorithms themselves. This may be a particularly straightforward attack, but crypto is hard. There's a lot of details you have to get right and a single mistake can destroy all the effort, regardless of how much else you got right.
I was completely engrossed throughout the entire article, and by the end, I was left eagerly wanting to know what the password was. I guess I've watched too many movies.
So Roboform has almost certainly thousands (if not millions) of users with weak passwords, and not only didn't they tell anyone, all they give is a shrug when asked about it.
Anyway the major benefit of using a password manager isn't generating difficult to guess passwords.
It's being able to generate unique passwords so when your details end up on https://haveibeenpwned.com people can't take the password that's leaked and try it on all the other services you've used.
I mean how weak are they really? These guys knew the algo and still struggled and pestered the user over and over for the other parameters. They also had what I would describe as an extreme motivation to crack this.
The constraint is knowing when the password was created. If you know that within a day or so, that makes the problem much more tractable and you can instead focus on number of characters and the other parameters.
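An added illustration of the point made in the comments above about the PRNG and the creation-time window (not code from the thread, the article, or RoboForm): a constructed toy generator seeded from the clock beside one that draws from the OS CSPRNG, with a frozen-clock regression check and an entropy bound. The function names, the alphabet and the timestamp are assumptions made for the example.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed charset)
FROZEN_CLOCK = 1_700_000_000                     # constructed timestamp for the check


def weak_generate(length, now):
    """Toy generator: seeds a non-cryptographic PRNG with whole seconds."""
    rng = random.Random(int(now))
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_generate(length, now=None):
    """Hardened form: every symbol comes from the OS CSPRNG; the clock is ignored."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def effective_bits(length, window_seconds=None):
    """Upper bound on guessing entropy, in bits.

    With a clock seed at one-second resolution, the output can never carry
    more entropy than the number of candidate seconds in the window.
    """
    charset_bits = length * math.log2(len(ALPHABET))
    if window_seconds is None:
        return charset_bits
    return min(charset_bits, math.log2(window_seconds))


def is_clock_deterministic(generator, length=20, now=FROZEN_CLOCK):
    """Regression check: with the clock frozen, do two calls agree?

    A generator that passes the same output twice is deriving its
    password from the clock alone and should fail review.
    """
    return generator(length, now) == generator(length, now)


if __name__ == "__main__":
    print("weak is clock-deterministic:  ", is_clock_deterministic(weak_generate))
    print("strong is clock-deterministic:", is_clock_deterministic(strong_generate))
    print("20 chars, CSPRNG:      %.1f bits" % effective_bits(20))
    print("20 chars, 1-day window: %.1f bits" % effective_bits(20, 86_400))
```

The 20-character password looks identical in both cases; only the bound on where it came from differs, which is why length and character-class rules alone do not catch this class of bug.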
Sniffing traffic (yes even encrypted) would be enough to see if you’re going through the login or initial user establishment flow, and that would give you a precise time when the password was generated.
The fact that a password could be cracked at all means it was very weak. Strong passwords can't be cracked with any realistic amount of resources or motivation.
Hard to say without details; but now that the weakness is known it may become a lot easier. It's one thing if you think it may work if you have the correct parameters but aren't sure, and quite another if you know it will work.
Password managers are kind of a "defence in depth" thing; practically speaking, a passwords.txt opened with notepad is probably fine for many people. No one is in your computer checking your files. You have a password manager for when that does happen, just in case. And usually this tends to be a targeted attack, which can range from some country's secret service to a jealous spouse to a trolling sibling. If that extra protection is ineffective ... yeah, that's not great.
This really is "better safe than sorry" type territory. Password managers (including Roboform) already do this by notifying users a password may be insecure after a leak. A lot of the time that's not really needed if your password is sufficiently secure, but "better safe than sorry". This is not all that different.
If it had a default creation setting, it would be much easier to crack most users' passwords. There's still a motivation issue, but that's not a solid defense.
People have bank passwords, social media accounts (which can be used in all sorts of nefarious ways), etc. Some may be 2FA protected, some may not be. Some may be protected by bad faux-2FA.
Just because there aren't millions at stake doesn't mean you can't bring someone to ruin.
Crypto doesn’t change the game. Products that generate passwords should do so securely.
You may be using it to protect extremely sensitive information that could have people killed - that’s more important than a few million dollars in imaginary money.
This is so true for stocks too
It's being tied to US state law, via the Uniform Commercial Code (UCC Article 12 for Digital Assets), https://www.clearygottlieb.com//news-and-insights/publicatio...
It is very in demand, for instance, in helping dictators evade sanctions, or helping criminals extort or trade illegally.
You'd do better to argue 'currencies are usually tied to a productive country with some measurable GDP and therefore [...]'.
Unfortunately others owned Sears Roebuck, or Enron.
Who could have guessed they'd pass on digital even though they practically invented it.
I agree with you that entertainment has taken over too much (it inevitably attracts a wider audience), but there is room for both.
me: closes YouTube.
They also found the seed was from time and knew when he had created it.
He got lucky there a little.
What a bunch of bozos.
This is a serious flaw.
You can then try to log into every account, with passwords generated with the default settings.
When a password manager maker finds a vulnerability they should absolutely tell their users to regenerate their passwords!